...
Cloud Agent limitations
The Cloud Agent feature is currently supported under the following limitations:
You may connect up to 4 Cloud Agents to a DPOD installation.
Each Cloud Agent may discover up to 10 DataPower Gateway pods.
The cumulative transaction rate of all the DataPower Gateways that are connected via Cloud Agents to a DPOD installation should not exceed 40 TPS.
The Cloud Agent operator was tested only on OpenShift.
Changes to gateway objects
DPOD requires some configuration changes in the gateways at both device and domain levels. These changes
include but are not limited to Syslog log targets.- At the service level - only the optional deprecated feature of the Extended Transaction requires instrumentation.
- To see the full list of changes please look at this table
are details in Gateway Changes Performed by DPOD.
No support for DHCP
DPOD does not support DHCP network configuration.
Known workarounds:
PleasePlease refer to Change Appliance Network Address.
Maintenance plan limitations
DPOD includes several operations maintenance plans to assist in the day to day operational tasks, such as backups, configuration sync, firmware upgrade, etc.
As these features have system wide influence and might affect the availability of the Gateway and services, they include limitations on the usage of the features.
For backups - see limitations here.
For configuration sync - see limitations here.
For firmware upgrades - see limitations here.
For appliance migration - see limitations here.
DPOD Operating System supported locale
The only supported operating system locale definition for DPOD is en_US.UTF-8 as described in the installation prerequisites.
Object names in non-English languages may be partially supported.
Limited functionality is provided when DataPower has a language different than English
Choosing a language in DataPower will impact the content of the Syslog records sent to DPOD. This will cause DPOD to provide a limited analysis on records that are not in English.
Known workarounds:
ChangeChange the language of your monitored device to English (en).
Partial
...
support for
...
tenant feature
In DataPower firmware 7.6, the tenant module was introduced only to physical appliance type 8436.
- Currently DPOD does not support monitoring resources of the tenant feature. Only capturing transactions on tenants is supported.
On tenant devices, only capturing transactions is supported.
The following features are currently not supported for tenant devices:
Device resource monitoring (CPU, memory, etc.)
Maintenance plans (Backup, Sync, Firmware Upgrade)
Extended Transaction
Transactions under the default domain are not monitored
This limitation is derived from a limitation of the monitored device.
Log targets defined at the default domain collect all logs from all domains, and currently there is way to apply a filter to the log targets in order to filter out logs from other application domains.
Known workarounds:
There is a workaround, but it only applies if the customer is willing to duplicate all network traffic, or alternatively run transactions only on the Default domain. Please contact supportSee Monitoring Transactions in the Default Domain for more details.
Duplicate Syslog messages appear in Raw Messages
- DPOD uses several Syslog log targets in different domains and configurations.
- By design, it is collecting some error messages twice, and those messages appear twice in the Raw Messages page or in the Raw Messages tab of a single transaction.
- This duplication is required for the correct behavior of DPOD.
DPOD integration with API-C can be applied to only a single API Connect domain per DataPower Gateway for firmware lower than 7.6
- This limitation is derived from a limitation of the monitored device.
- Known workarounds: Upgrade to firmware 7.6 / 7.5.2.8 or later.
WS-M does not capture multi-protocol Gateway services payloads for firmware lower than 7.5.2
- This limitation is derived from a limitation of the monitored device.
- Known workarounds: Upgrade to firmware 7.5.2.1 or later.
Payload size does not include response size (only request size)
- At present, monitored devices do not report the front-end response payload size, nor do they report on the back-end request and response.
Limitation on the number of domains that DPOD can monitor on a single Gateway
- When there are no custom log targets defined on the Gateway, the Gateway supports a maximum of 125 domains that DPOD can monitor.
- Before firmware 7.5.2.4, the Gateway supported 500 log targets. Because the default domain requires 3 log targets and each application domain requires 2 log targets, The Gateway without custom log targets supports a maximum of 248 domains. After firmware 7.5.2.4 this number were doubled.
- When you enable DPOD monitoring, one new log target is added to the default domain and 2 new log targets to each application domain.
- Before you can enable DPOD monitoring:
- View the list of defined domains, to ensure that no more than 125 domains are already defined.
- Run the show log-targets command in Diagnostics mode to determine the number of log targets that are defined.
- Known workarounds: Unless the following calculation results in a positive integer, do not enable DPOD monitoring until you move domains to another Gateway:
Max Log targets per device - ((domains x 2) - 1) - number_log_targets
B2B support is limited
- At present, the most important B2B features (e.g. transaction aggregation) are supported. Configuration sampling and specific filtering in dashboards are part of the current version.
Error is not displayed in "Deprecated Extended transactions"
- The deprecated Extended Transaction is the only feature of DPOD that involves instrumentation of an XSLT transformation to the Web Service Proxy policy (request / response and error rules).
- The instrumentation is integrated by the system only when initiated by the system administrator and not by default.
- The behavior when an error is raised by the service (WS-Proxy) depends on the applicable scenario:
- No error rule in the service where the error is raised. Previous services are configured with "Process HTTP errors = on"
- As there is no error rule, an extended transaction log record will not be generated for the error, and it will not be displayed on the "Extended Transactions" screen.
- The extended transaction display will resemble the following (note: one record is missing)
- No error rule in the service where the error is raised. Previous services do have error rule configured
- As there is no error rule, an extended transaction log record will not be generated for the error, and it will not be displayed on the "Extended Transactions" screen.
- However, as previous services do have an error rule, the "Extended Transactions" display will resemble the following:
- No error rule in the service where the error is raised. Previous services are configured with "Process HTTP errors = on"
- Known workarounds: None.
The Extended Transaction facility does not support API-Connect
...
Limitation on the number of domains that DPOD can monitor on a single gateway
Since the DataPower gateway currently supports up to 1,000 log targets, DPOD can monitor a maximum of 333 domains per each gateway, if no other custom log targets are defined. See details and calculation below for more information.
This limitation is per each DataPower gateway and has no effect on the number of gateways that can be connected to DPOD.The total amount of log targets per each DataPower gateway cannot exceed 1,000 and consists of:
One required default log target per domain (created when the domain is created with the name
default-log
), which cannot be removed.Additional custom log targets, created by the customer for non-DPOD use.
Log targets created by DPOD - DPOD will create one log target for the default domain, and 2 log targets for each monitored application domain.
Before you enable DPOD monitoring:
Count how many domains should be monitored by DPOD (except the default domain) -
DOMAINS_COUNT
Count how many log targets already exist in the DataPower gateway -
EXISTING_LOG_TARGETS_COUNT
You can view the existing log targets in the DataPower gateway WebGUI under default domain → Log Target Status → Show All DomainsMake sure the following calculation is true:
Code Block EXISTING_LOG_TARGETS_COUNT + (DOMAINS_COUNT x 2) + 1 < 1,000
Known workarounds: If the number of expected log targets exceeds the limit, do not enable DPOD monitoring. You may use the following methods to allow for DPOD monitoring:
Reduce the amount of monitored domains by setting up monitoring only for selected domains (see Configuring Monitored Gateways).
Delete unused domains or move domains to another gateway.
Delete unused custom log targets that were created for non-DPOD use.
B2B support is limited
Only the most important B2B features (e.g.: transaction details) are supported.